POLICY AS CODE: OPA + REGO
ROLE + ATTRIBUTE BASED ACCESS
EVALUATED ON EVERY ACTION
©2026 AXE TECHNOLOGIES INC.

TOWER

Policy as code. Granular access control, role-based and attribute-based, down to individual records and endpoints.

Who Can Do What. Enforced Everywhere.

Tower determines what authenticated users can actually do within CASTLE. Role-based access with fine-grained permissions — down to individual data records, API endpoints, and model access levels.

Role-Based Access Control (RBAC)

Define roles with granular permission sets. Analyst, Engineer, Operator, Admin. Each role scoped to exact resources and actions.

Attribute-Based Access Control (ABAC)

Complex conditional logic for edge cases. Permission depends on time, IP, device, data classification, or custom attributes.

Resource-Level Permissions

Per-API, per-endpoint, per-record control. User A sees records from region X. User B calls inference on specific models only.

Policy-as-Code

Versioned, auditable, reviewable permission rules. YAML-based definitions. Git-tracked policies. Code review before deployment.

Real-Time Updates

Permission changes take effect without system restart. Policy changes propagate to all nodes in milliseconds.

Role-Based Access Control

Assign users to roles. Each role grants a specific bundle of permissions across the CASTLE platform.

analyst (Data Analyst): Read Crown, query Echo with analyst models, view Atlas records from assigned department. No write access.
engineer (Platform Engineer): Full Echo, Crown, Atlas access. Deploy new models. Manage Shield certificates. Limited Lens (approved domains only).
operator (Operations): Monitor fleet health. Manage user accounts. Run Lens on controlled domains. No model training or deployment.
admin (Administrator): Unrestricted access to all CASTLE components. Policy management. Compliance audit. Can be scoped by IP range.

Attribute-Based Access Control

When RBAC isn't enough, use attributes. Time windows, IP ranges, device status, data sensitivity levels, and custom fields.

User Request: Agent requests inference on edge-1
Shield Checks: Authenticate user + device
Tower Evaluates: Check role + attributes
Decision: Allow or deny with reason

Policies as Code. Auditable by Default.

Every permission rule is code. Version controlled. Code reviewed. Reversible. Compliance-auditable.

policy:
  name: analyst-inference
  description: "Analysts can run read-only inference on 4B models"
  effect: allow
  subjects: [role:analyst]
  resources: [echo:/v1/chat/completions]
  conditions:
    model: [edge-pro, edge-1]
    max_tokens: 4096
  metadata:
    created_by: james@virul.co
    approved_by: security@axe.observer
    data_classification: unclassified
    expires_at: 2027-04-08
---
policy:
  name: engineer-full-access
  effect: allow
  subjects: [role:engineer]
  resources: [echo:*, crown:*, atlas:*]
  conditions:
    ip_range: ["*.*.*.*/16 (private ranges)"]
    time_window: "09:00-18:00 EST"
    device_type: [laptop, desktop]
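The following is an added example, not AXE's code or Tower's engine: a minimal default-deny evaluator for policies shaped like the two above, returning a decision together with a reason. Assumptions: only allow policies are modelled, `10.0.0.0/16` stands in for the masked `ip_range`, the request attribute names (`ip`, `local_time`, `device`) are hypothetical, and `local_time` is already expressed in the policy's time zone.

```python
import fnmatch
import ipaddress
from datetime import time

# Constructed policies mirroring the two shown above. The page masks the
# engineer ip_range, so 10.0.0.0/16 is a placeholder, not AXE's value.
POLICIES = [
    {"name": "analyst-inference", "subjects": ["role:analyst"],
     "resources": ["echo:/v1/chat/completions"],
     "conditions": {"model": ["edge-pro", "edge-1"], "max_tokens": 4096}},
    {"name": "engineer-full-access", "subjects": ["role:engineer"],
     "resources": ["echo:*", "crown:*", "atlas:*"],
     "conditions": {"ip_range": ["10.0.0.0/16"], "time_window": "09:00-18:00",
                    "device_type": ["laptop", "desktop"]}},
]
# Assumed mapping from condition name to the request attribute it tests.
ATTR = {"ip_range": "ip", "time_window": "local_time", "device_type": "device"}

def check(key, want, req):
    """Return None when the condition holds, otherwise a denial reason."""
    have = req.get(ATTR.get(key, key))
    if have is None:                       # missing attribute fails closed
        return f"{key}: attribute missing"
    try:
        if key == "max_tokens":
            ok = have <= want
        elif key == "ip_range":
            ok = any(ipaddress.ip_address(have) in ipaddress.ip_network(n) for n in want)
        elif key == "time_window":         # local_time is already in the policy's zone
            lo, hi = (time.fromisoformat(t) for t in want.split("-"))
            ok = lo <= have <= hi
        else:                              # allow-list conditions: model, device_type
            ok = have in want
    except (ValueError, TypeError):        # malformed attribute fails closed
        return f"{key}: malformed value"
    return None if ok else f"{key}: {have} not permitted"

def evaluate(role, resource, req):
    """Default deny; allow only when one policy matches subject, resource and conditions."""
    reasons = []
    for p in POLICIES:
        if f"role:{role}" not in p["subjects"]:
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in p["resources"]):
            continue
        failed = [r for k, w in p["conditions"].items() if (r := check(k, w, req))]
        if not failed:
            return ("allow", p["name"])
        reasons.append(p["name"] + " -> " + ", ".join(failed))
    return ("deny", "; ".join(reasons) or "no matching policy")
```

Missing and malformed attributes deny rather than skip the condition, so a request that omits its device type or sends an unparsable address cannot satisfy the engineer policy.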

System Integration

Tower is the gatekeeper. Every request to Echo, Crown, Atlas, Lens flows through Tower's permission engine.

Shield Integration

Shield authenticates (who are you?). Tower authorizes (what can you do?). Two gates, both mandatory.

Echo Model Gating

User can call inference, but only on models they're authorized for. Policy-driven model access.

Crown Search Scoping

Knowledge query results filtered by user permissions. Analyst sees only unclassified + their department's data.

Atlas Row-Level Security

Database queries enforced by policy. User can only SELECT rows they're authorized to see.

Lens Domain Allowlisting

Browser automation only permitted on whitelisted domains per role. Policy controls which URLs agents can visit.

Access Live Instance → https://axe.observer
